Microsoft Tools to Combat Vista Piracy

A new software protection platform targets Vista and Longhorn piracy in an attempt to give Microsoft's channel partners a level playing field.

Microsoft will unveil Oct. 4 a new software protection platform and accompanying technologies that it plans to incorporate into a variety of products, starting with Windows Vista and Windows Server Longhorn, in hopes of combating piracy.

The new technologies will be included in all Vista versions, and over time every Microsoft product will use the platform to some extent, Cori Hartje, director of Microsoft's Genuine Software Initiative, told eWEEK.

The hope inside Microsoft is that these new technologies will make it harder for people to pirate Windows Vista and help ensure that its channel partners have a level playing field.

"Today, with such an easy way to copy and counterfeit Windows XP, those channel partners don't really have a level playing field to sell legitimate copies of the software. We are very optimistic that this will make a dent in Vista piracy and counterfeiting," she said.

Among the new activation technologies that will be found in Vista and Longhorn Server is Volume Activation 2.0, which represents a big change in how enterprise volume customers activate their software, Thomas Lindeman, senior product manager for Microsoft's Software Protection Platform, told eWEEK.

"With Windows XP, the volume-licensing keys could easily be stolen and leaked as they are in clear text and in the registry on everyone's computer. Customers told us that we needed to help them protect that key, so now the keys are going to be encrypted and kept in a trusted store," he said.

Roger Kay, president of research group Endpoint Technologies Associates, told eWEEK that Microsoft's assertion of its right to control the kernel is key to warding off hackers.

"Apple does it," he said. "Why not Microsoft? By not allowing anything to run at the same privilege level as the kernel, and by shutting down the kernel if anything messes with it, Microsoft is fielding a much more robust system than it did with XP, which allowed all kinds of kernel modifications by software partners and, by extension, hackers."

Lindeman added that future Microsoft products such as Office 14, SQL Server and Exchange are already planning to use this platform, whether just for code protection, digital distribution or volume.

But he stressed that there will be no cross-checking whatsoever of other software on a person's hardware, and there will be no reporting back to Microsoft or validating any other software except for Windows Vista.

In fact, the Redmond, Wash., company undertook a public disclosure with a third party who audited the traffic and data that went back and forth during activation so that it could prove there was no personally identifiable information there, he said.

Microsoft is planning to offer customers a choice of two kinds of volume-license key services: the volume-license KMS (key-management service) and MAK (Multiple Activation Keys).

The KMS option is hosted by the user and thus does not need to talk to Microsoft. It brings a single key controlled by an IT professional that is encrypted and found on a single machine; each of the machines inside the enterprise talks to that KMS service at least twice a year, Lindeman said.

The MAK option applies to those companies with users who do not connect to the network at least twice a year or who have a small laboratory of fewer than 25 users. This multiple activation key activates one time only. Microsoft's new Volume Activation Management tool will help with proxy activation, he said.

This would apply, say, in a lab with 1,000 machines and where a KMS is not installed. "They obviously do not want to call Microsoft up 1,000 times, and so they can run this tool on a single machine," he said.

"It will talk to those 1,000 machines and harvest the hardware identity data from them. That single proxy machine will then talk to Microsoft, get the activation identities back for all the machines, and then shoot this out to those machines and activate them. Customers can also use this method to activate their entire organization," Lindeman said.

Endpoint's Kay believes that these new technologies will ease the burden on IT administrators by allowing them to either administer the activation/validation themselves or have Microsoft do it.

"It will help them to know that every client that validates properly has a kernel with integrity," he said. "It represents a first-level health check. Also, they don't need to worry about rogue machines from ex-employees wandering around because they'll go dead after six months."

Lindeman agreed, saying customers who had been testing Volume Activation 2.0 liked the fact that the machines talked to the KMS regularly, as this helped them with the problem of computers disappearing from the network and enabled them to see whether they had been tampered with.

"The anti-tampering checks that happen every time you talk to KMS helps make sure that the copies of Windows are genuine and not tampered with, which brings added security. We are also provided management tools like a MOM pack, and we have SMS integration to help customers create reports that they can use to monitor the health of the system," he said.

According to Lindeman, these tools are in no way related to billing and Microsoft will not know how many computers are activated. "These tools are optional, and we provided them to meet the needs of customers who wanted help with reporting," he said.

There will also be open APIs and WMI interfaces on all the machines so that third-party tools can query the store and find out what software is on the machine and what the activation state is.

Asked about false positives, which are an issue with Windows XP and the WGA (Windows Genuine Advantage) program, Hartje said the WGA and Software Protection Program have common goals of protecting consumers but are fundamentally different technologies, and the issues and complaints would not be the same.

Customers could call into the support center if they experienced an issue, she said, but as the technology was checking at the time of activation to make sure this was a genuine product, "we expect a reduction in those types of issues. I am sure there will be issues and we will address them as they occur, but it's hard for us to know right now what the future will be," she said.

Asked if he thought there would be a reduction in issues for customers with this new technology, Kay said it is hard to say as that depends on how well it actually works. But he does feel that casual piracy will diminish fairly significantly.

Microsoft has been working with its TAP (Technology Adoption Program) customers and others for more than a year, and much of that feedback has led to things like the proxy activation option and the MOM pack, according to Lindeman.

It is also being used inside Microsoft, where there is a single KMS service and one backup that activate all the machines on its network. "It's an invisible process for end users, and it's a very lightweight service of 200 bytes that go back and forth between KMS and the client and we could do about 25,000 activations in an hour if we had to," he said.

There have been no reported issues with the activation process itself, which has been thoroughly tested, Lindeman said, but one issue is that many enterprise customers cannot run client-based or beta software in their data center. When Vista ships at RTM, all that will be available is KMS support on the Windows client and the Longhorn server beta.

But, some six months after RTM, Microsoft will have KMS support on Windows Server 2003. Those who are affected by this will have to get a waiver from their IT organization, use MAK activation or even OEM activated machines, he said. "That has been the roughest thing we have gone through, and we just couldn't get that worked on in time," he said.

Microsoft is also making a comprehensive deployment guide for all this available online Oct. 4, Hartje said, adding that this guide will help volume-license customers use the right key distribution methodology upfront.

"It only takes a few minutes to set up the key management services in an environment and is very straightforward. We give lots of examples on how to do this as well as scripts to tell end users how to do it," she said. "We have covered all the parameters that the IT professional will need. After this is in place, the end customer won't have to do anything. It will be transparent."

Customers in a retail or volume environment will have to activate their product within 30 days, during which time the product will be fully functional, albeit with repeated reminders to activate.

Failing that, the product moves to reduced functionality mode, but the key can be entered at any time and the product would then revert to regular mode.

It will also be validated every time software updates are required and, if the software is found not to be genuine at a later date, genuine add-ons like the Aero user interface, Windows Defender and ReadyBoost, which expands virtual memory, will no longer work, and the user will again be put in a 30-day activation notice to become genuine again, she said.

"At the end of 30 days, the machine will move into reduced functionality mode for validation, and users will only get an hour of reduced experience Internet access before being logged off. They will then have to log on again before getting another hour of Internet access," she said.

Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer; Linus Torvalds, the original developer of the Linux operating system; Sun CEO Scott McNealy; and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at www.eweek.com.
